GDPR at LeaveBoard


The General Data Protection Regulation (GDPR) went into effect on May 25, 2018. It impacts any and all businesses in the European Union or businesses that handle data of individuals within the European Union. This is new EU privacy legislation is replacing 95/46/EC Directive on Data Protection of 24 October 1995.

According to the new regulation, LeaveBoard acts as Data Processor, processing HR and time off data on behalf of its customers. LeaveBoard customers will act as the Data Controller for the employee data they manage in the platform.


Our commitment as Data Processor:

  • Privacy. LeaveBoard is processing employee data as mentioned into our privacy policy.
  • Security. LeaveBoard is storing employee and company data on its servers. Administrators and team leaders have access to modify and keep up to date, accurate data on the platform. Data Security.
  • Storage. LeaveBoard is storing data as mentioned in our security policy. The data is stored in servers located in France. The connections are encrypted and are kept with bank grade security.
  • Promptitude: We will provide you incident notifications as soon as reasonably possible if we ever experience any security incidents. At LeaveBoard we have never experienced any before.
  • Service. We only process data when and how you request us to do so via the platform.

Frequently asked questions:

Where is our data held?

The servers are hosted by OVH in France, recognized with an ISO/IEC 27001 certification and audited to SSAE 16/ISAE 3402 and SOC 2 Type II standard.

Can we ask to remove all the data from your servers?

Yes. Contact us.

Is LeaveBoard data encrypted?

Yes. Data is encrypted - from login to logout - using bank-grade standards, including 256-bit SSL encryption

Does LeaveBoard has a data processing officer?

To comply with these regulations we have a designated Data Protection Officer.